<?php
include_once "../common.php";

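// Failed-login throttle.
//
// $_SESSION['logintimes'] is the number of unsuccessful requests counted so far and
// $_SESSION['logintime'] the timestamp of the last one; both are written at the end
// of this script. From 3 failures a 5 minute wait applies, from 10 failures a
// 15 minute wait, and from 20 failures the session is refused outright.
//
// Each refusal now ends the request. Previously the message was printed but the
// credential check below still ran, so the wait was never enforced.
//
// NOTE(review): the counters live in the visitor's own session, so they only bind a
// client that keeps presenting the same session cookie. A limit that the client
// cannot reset needs a server-side counter keyed on the account and/or the source
// address. The session is presumably started in common.php - confirm.
if(isset($_SESSION['logintimes']) && $_SESSION['logintimes'] >= 3)
{
	// Minutes elapsed since the last counted (failed) attempt.
	$nextTime = (time() - $_SESSION['logintime']) / 60;

	if($_SESSION['logintimes'] >= 20)
	{
		// The original comment here read "BAN IP"; no ban is implemented, only a
		// one-off notification mail per session followed by a refusal.
		if(!isset($_SESSION['hackerMailed']) || $_SESSION['hackerMailed'] != 1)
		{
			// REMOTE_ADDR is the peer address seen by the web server; behind a proxy
			// or load balancer it is the proxy's address, not the visitor's.
			$message = "Iemand probeerde in te loggen op de database van Prijsgezocht\n"
				. "\n"
				. "\n"
				. "IP: '".$_SERVER['REMOTE_ADDR']."'\n"
				. "\n"
				. "\n"
				. "mvg\n"
				. "Prijsgezocht.nl\n";
			mail('jospape@hotmail.com', 'Hacker Attempt', $message);
			$_SESSION['hackerMailed'] = 1;
		}
		else
		{
			echo "Hackertttttttttttt HAHAHA wat een prutser...";
		}
		// Never fall through to the credential check once this threshold is reached.
		exit;
	}
	elseif($_SESSION['logintimes'] >= 10 && $nextTime < 15)
	{
		// ceil() so the visitor sees whole minutes instead of a long fraction.
		echo "ERROR: u heeft ".$_SESSION['logintimes']." maal verkeerd ingelogd.\n probeer het over ".ceil(15-$nextTime)." min weer";
		exit;
	}
	elseif($nextTime < 5)
	{
		// logintimes >= 3 is already guaranteed by the enclosing condition.
		echo "ERROR: u heeft ".$_SESSION['logintimes']." maal verkeerd ingelogd.\n probeer het over ".ceil(5-$nextTime)." min weer";
		exit;
	}
}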

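// Credential check.
//
// Both fields must be present, non-empty strings. The is_string() test rejects
// array-valued parameters (e.g. username[]=...), which would otherwise reach the
// string functions below.
if(	isset($_POST['username']) && is_string($_POST['username']) && !empty($_POST['username'])
	&& isset($_POST['password']) && is_string($_POST['password']) && !empty($_POST['password'])
	)
{
	// Replacing ' with &#39; is an HTML substitution, not SQL escaping: it leaves
	// backslashes and other characters that are special inside a MySQL string
	// literal untouched. The substitution is kept so that values stored with it
	// still match, and the result is then escaped for SQL with the same mysql
	// extension that the mysql_num_rows()/mysql_fetch_assoc() calls below rely on.
	// NOTE(review): mysql_real_escape_string() uses the most recently opened link;
	// this assumes $_MySQL connected through that extension - confirm. A password
	// containing a backslash was previously altered by MySQL's literal parsing
	// before hashing, so such an account may need a password reset.
	$username = mysql_real_escape_string(str_replace("'", "&#39;", $_POST['username']));
	$password = mysql_real_escape_string(str_replace("'", "&#39;", $_POST['password']));

	// NOTE(review): unsalted MD5 is not a suitable password hash; moving to
	// password_hash()/password_verify() needs a schema and data migration.
	// NOTE(review): SELECT * copies every Users column, including the stored hash,
	// into the session; selecting only the needed columns would avoid that.
	$query = "	SELECT
					*
				FROM Users
				WHERE
					Username = '".$username."'
					AND Password = MD5('".$password."')";
	$result = $_MySQL->runQuery($query);

	// A failed query is treated like a failed login instead of being handed to
	// mysql_num_rows().
	if($result && mysql_num_rows($result) >= 1)
	{
		// NOTE(review): the session id is not renewed on login; calling
		// session_regenerate_id(true) before any output would address session
		// fixation. The failure counters are also left as they are on success.
		$_SESSION['login'] = mysql_fetch_assoc($result);
		echo "succes";
		exit;
	}
	else
	{
		// Same message for unknown user and wrong password, so the response does
		// not reveal which usernames exist.
		echo "ERROR: Er is een verkeerde gebruikersnaam & wachtwoord combinatie opgegeven";
	}
}
else
{
	echo "ERROR: geen gebruikersnaam / wachtwoord opgegeven";
}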


// Reached only when the request did not end in a successful login (that path
// exits earlier): count it as a failed attempt and remember when it happened.
if(isset($_SESSION['logintimes']))
{
	$_SESSION['logintimes']++;
}
else
{
	// First counted attempt in this session.
	$_SESSION['logintimes'] = 1;
}

// Timestamp that the throttle at the top of the script measures its wait from.
$_SESSION['logintime'] = time();